RUSTSEC-2022-0004: Stack overflow in rustc_serialize when parsing deeply nested JSON


> Stack overflow in rustc_serialize when parsing deeply nested JSON

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `rustc-serialize`                      |
| Version             | `0.3.24`                   |
| Date                | 2022-01-01                         |

When parsing JSON using `json::Json::from_str`, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process.

Example code that triggers the vulnerability is

```rust
fn main() {
    let _ = rustc_serialize::json::Json::from_str(&amp;&quot;[0,[&quot;.repeat(10000));
}
```

[serde](https://crates.io/crates/serde) is recommended as a replacement to rustc_serialize.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2022-0004.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RUSTSEC-2022-0004: Stack overflow in rustc_serialize when parsing deeply nested JSON #7

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

RUSTSEC-2022-0004: Stack overflow in rustc_serialize when parsing deeply nested JSON #7

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions